I'd happily write a data fix script but I need more than a crystal ball to devise the structure 😁

I have it in Day 2, so it probably happened more than once)

Maybe someone is trying to look into cause before considering a data fix. Anyway, doesn't stop tackling the later rooms, which is good.

Well, I think it's gonna be alright 🙂

Have you done any of the previous AoC years? I hadn't so I've gone back and found year 1. It's less user friendly, which makes for a good challenge!

No, I am new to this, but I solve stuff on Hack the Box in parallel.
Maybe will take a look

The windows local persistence room is super buggy. Not possible to get all flags unfortunately
I am at flag9 in task5 Abusing task scheduler. I get the reverse shell and i am NT Authority but i still can't open that flag

Hey, in the room "Active Reconnaissance" from the Junior Pentester Path, in Task 6 "Netcat" on the last paragraph the text says "You can find a recording of the process below.", but there is no recording present.

I'm revisiting the ghosts of christmas past and looking at the first AoC /25daysofchristmas. The service on Task 14 [Day 9] Requests appears to be down ( 10.10.169.100:3000 )
Evidence and Question screenshots included.

This is a known machine to not work anymore.

You'll need to be creative in how you get the answer.

In the Windows Event Logs Room, Task 4 Get-WinEvent questions 3 and 4 are asking to execute a command from example 8 and 9 but for me the description ends with example 3. Is that a bug on my side or was this accidentally deleted while updating portions of the task?

hello!. i want to report a small typo in the red team fundamentals rooms

red team fundamentals -> task 6 overview of a red team engagement -> view site -> slide 5: emulating TTP: lateral movement

Coming from #site-support I was redirected to this channel.
In the room VulnNet there is no button with Start Machine
Link: https://tryhackme.com/room/vulnnet1

-banspam 448555703163027467

🔨 Banned Souza#6271 indefinitely

Hello, I think the CompTIA Pentest+ "Tutorial" section might be bugged, it gave no points when answered

Just making my way through the content, and in "Introductory Networking" a question: Which layer checks received packets to make sure that they haven't been corrupted?
The answer it claims to be correct is 2, however packets are at layer 3, not layer 2. Layer 2 transmits and receives frames.

https://tryhackme.com/room/osqueryf8, task 6, "How many services are running on this host?": The wanted answer is 214, which is the number of all services in the services table. However, it is technically not the number of services running ([...] where status='RUNNING';), which would be 73 (at least in my case, not sure how well that translates from machine to machine).

In the https://tryhackme.com/room/googledorking room, in task 3, there is a link to http://googledorking.cmnatic.co.uk/ which doesn't seem to be valid anymore.

@dusky junco you take down this sub? ^

https://tryhackme.com/room/adventofcyber4, there is a problem with day 2 where a question appears twice, and when I answer it, it reset after refreshing the page, thus this section can't be validated. After discussing it with my friends, I am the only one with this bug. The question is, “What is the IP address of the attacker?”
(screenshot https://i.imgur.com/MuHqb1u.png)

Don't know If someone had the same issue

Hello, I'm encountering issues on metasploitexploitation room. I have my Kali Linux and the subroom (MetasploitMSFVENOM VM), when I switch from one to another, I'm disconnected from the MetasploitMSFVENOM one and it claused all the processes (including the one required to complete the task). What's the workaround ? Just clicking on the VM name in the split view will result in a session restart.

same issue has been reported by multiple people and is probably being looked into by thm staff

Pwn101 room machine seems broken

Don't know where to post this but in AoC day 13 the last question is regarding results from virustotal, and it seems that this answer changes over time? IN the walkthrough vid by CyberNinja it shows 3 IP addresses but my current results show 4 plus 2 private and it is impossible to determine which of these are the acceptable ones.

all the tcp ones except: ||23.216.147.64:443 (TCP)|| is the correct answer and yeah that kinda sucks

kinda shows the problem with using external sources as those can change a lot

helped a bit and made a comment on virustotal about the right ip:s

Hello

I believe there is a small error in this room. The correct thing would be file2.yar instead of files2.yar.

@dusky junco

It’s answer tolerance. Refresh the page and the expected answer will show

It actually fixed it after updating. But I spent a few minutes trying to put the correct value and the platform did not accept it. I have already sent as feedback to give the room authors the possibility to put variations of answers or simply accept when there is only 1 wrong character. As long as you let the user know that he has not completely accepted it.

Metapoit just told you the feedback you sent is already in place.

Very good! Thanks. 🙂

Gave +1 Rep to @quaint sparrow

Thanks

Oops, it looks like the tool only thanks one! :S

Tiniest little room bug on Day 16 AoC 4: The ElfChat message before Flag 3 has the text link "regular link for the Animal Farm," - but the a href of that link is just the IP address and port, without the p.thmlabs.com proxy

Not a bug, more like room needs an update (i think so), Red Team Recon, Task-6, recon-ng, module google_site_web no longer returns any info, returns [!] Google CAPTCHA triggered. No bypass available.

My daily hacking streak instantly starts with one.
Even i didn't miss it...
Is this a bug or anything else.

have you tried hitting ctrl + F5 and checking the streak again??? because sometimes it has trouble updating

hello! small error here. "dissus" -> "discuss"

room red team engagements -> task 9 mission plan -> view site -> section: Execution Variants

good morning THM staff, hope all is well 🙂
AoC, Day 17, under Client-side vs Server-side; the word are is missing, and the spacing looks a bit off (not sure if that was intentional to match word location better given the image off to the left)

Working through some basic free rooms and found this typo in the "What is Networking?" room ( https://tryhackme.com/room/whatisnetworking/ ) under task 2:
"It wasn't until this point that the Internet wasn't used as…"
Suggested change: the 2nd wasn't should be changed to was.

Another typo in the same room ( https://tryhackme.com/room/whatisnetworking/ ). Now under task 4:
The screenshot show the average ping respons time as 4.160 ms. The text below states it as 5.3 seconds (pretty horrible response time if you ask me!).
Also the min/avg/max times in the "View Site" window are not correct.

I think I found a Error in todays task of the advent of cyber

yuppp I've just updated the text to reflect the correct creator 🙂

thanks!

Hello, there's one image that is not loading "bad request" error in networkservices2 room Task2

Hi guys, just wanted to do the sql injection room - everytime I start the machine, I get a 502 bad gateway or timeout by the nginx server

working now, but hat to terminate a few times

You should give the machine 5-10 min(s) for all services to boot up.

I believe I found a bug in one of the AoC rooms.

Hello guys,
Did any of you already cloned a room with a lab like https://tryhackme.com/room/breachingad ?
When I clone it I am not able to access to the network, is that normal ?
Thanks for your help 🙂 !

Did you download the Breaching AD VPN pack?

Or are you using the attackbox?

You'll need to post it...

I am using the AttackBox usually

I already send an email to hello@thm but I did not get any answer yet :/

What do you mean by cloning the room? This has a particular meaning in the THM context. Do you mean joining?

No, cloning, using the assignments / clone room menu

Breaching AD is a network, that might be the reason. Is probably a question for support, as cloning is not a standard subscription feature on THM accounts.

hi. Hydra room is bugged?

first of all, description doesnt lead to solution, had to watch a video but after getting the flags nothing happens. I cant progress

Hi Network Services 2 room has a missing image related to NFS.

I think the website for ntlm auth in the breachingad room is not working: http://ntlmauth.za.tryhackme.com/

I am connected to the network vpn and have also tried on the attack box

https://tryhackme.com/room/commonlinuxprivesc in Task 4 the url needs to be changed to https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh so it can work again. The url which is now shown does download the whole git page html document instead the script itself.

Otherwise it leads to the error which another user and me encountered: #room-help message

In Task 8 I would add to go out of vi with "exit" and then ":q!" and then again exit, because a complete beginner might get stuck there in an escaped vi.

Hi guys!
I am on " [Day 9] Pivoting Dock the halls" - from AOC
I am using the THM AttackBox and found out that on my AttackBox is running Metasploit v5, instead of v6
For this matter:

• the laravel exploit is not present
• I tried to use the .rb file from rapid7 - but it still does not work - it does not recognize the "Version" of laravel

How can I "update" my THM AttackBox such that it uses msf6 ?

You don't, just read the task again, it's explaining that you have to use the kali VM.
It's also showing you how to start the kali VM instead of the attackbox 🙂

thanks! I solved it with my own Kali

Hi!

I don't know if this is the right room to say this, if not please correct me.

https://tryhackme.com/room/windowsreversingintro room and Loop Sample section says "This is saying move RBX into RAX if RSI is not less than 0x10". However, when you examine the instruction, you will see that RDI is moved to the RAX register, not RBX. You might want to take a look here.

This resource is listed in the "Weaponization" room and it no longer resolves: https://thedarksource.com/msfvenom-cheat-sheet-create-metasploit-payloads/

room link https://tryhackme.com/room/weaponization

Thank you for reporting. Link fixed. 🙂

Gave +1 Rep to @long rapids

Room: Advent of Cyber 2022 (adventofcyber4)
Task: Task 7 (Day 2)
Question: Question 3 - Use the ls command to list the files present in the current directory. How many log files are present?
Issue: Answering the question correctly, but on refresh it is shown as blank. This means this task/day cannot be completed.

The deployed target is provided in a way, when you refresh the page, the target machine's content virtualization will return to the initial state (reconnect to the target). Nevertheless, this does not mean that the machine has restarted. It is possible to complete the question when not refreshing the page. 🙂

When i say refresh im talking about refreshing the THM question page, not the vm. The question itself appears to be a duplicate but entering a valid answer does not complete the room.

Hey, sorry if this is the wrong place but the first writeup for WgelCTF is a broken link that sometimes redirects to a fake Windows virus popup:
this is the link

https://www.embeddedhacker.com/2019/10/hacking-walkthrough-thm-wgel-ctf/```

I see, leaving and re-joining the room might fix this. Leaving the room will not impact your room progress. 🙂

i have previously tried resetting my progress in the room as well as leaving and rejoining but neither of those actions seemed to resolve this as the duplicate question was still there and behaving the same way

in exploiting active directory room in the connection part the given command goes as systemd-resolve --interface exploitad --set-dns $THMDCIP --set-domain za.tryhackme.loc

the mistake is the --interface exploitad because the name of the interface is exploitingad and not exploitad

it gave me a headache to find out why i could not connect 🤦‍♂️

cc @glad badger could we get this checked?

Checking now @bleak haven @hazy tiger

Forwarded to the team. Thank you for reporting. 🙂

Gave +1 Rep to @bleak haven

Hi guys, I'm trying to download the .pcap file from this room: https://tryhackme.com/room/h4cked but it's not working.

Can someone send me the file from here?

hmmmm

not sure if we are allowed to do this but lets risk it

thank you

Just to confirm I have left and rejoined the room again and the duplicate question is still there meaning that the day still cannot be completed

Still researching, can you please DM an image that shows the task (task 7) not appearing completed (still red, not green) even though all questions are answered. 🙂

Screenshots DMed. Looking further up within this channel is looks like other users have experienced this issue of duplicate questions

Thank you. 🙂

Gave +1 Rep to @verbal trout

This is not a bug, just a typo

There is a small typo in Task 22:
Check out Simply Cyber's video walkthrough for Day 21 here!
It says day 21 instead of 22

In the advent of cyber 2022 room

Thank you for reporting. 🎄

Gave +1 Rep to @stiff plank

Can you please DM me the first 10 lines of your OVPN file? It will include a line starting with remote

i was on the attack box

Can you download it from the https://tryhackme.com/access?type=networks page for the Exploitingad Network VPN Server? The AttackBox uses the same ovpn file automatically. 🙂

it works for me now, i just had to change what it was said in the walkthrough and change the interface to exploitingad instead of exploitad

Ah yes, but we're trying to fix the VPN server that your subnet used, as exploitad is the correct interface name and exploitingad is not. If you could provide the ovpn file, we can fix it on our end. 🙂

yeah, do you want me to send it in dm or?

Yes please. 🙂

https://tryhackme.com/room/mitre

In this room Task 3 last question I think the answer would be 14 as there are 14 techniques used for Winniti Group. Can you please check if its 14 or 15

Hi, in https://tryhackme.com/room/btsysinternalssg Task 9, it looks like the expected answer is outdated (C:\agent_work\112\s\Win32\Release\ZoomIt.pdb, found it in a writeup).
Running strings on ZoomIt.exe gives the following output in the room's VM:
D:\a\1\s\Win32\Release\ZoomIt.pdb
D:\a\1\s\x64\Release\ZoomIt64.pdb

Hello, the "Intro to Digital Forensics" room has you entering the name of a Street at GPS co-ordinates as a flag. Looks like they may have done some contruction at that location because that street has been turned into a round-about.
Room: https://tryhackme.com/room/introdigitalforensics
Flag: Task 3 - question 2

The street still looks the same when you input the coordinates.

However you need to change them.

You need to replace the deg with ° then combine them.

so 51 deg 31' becomes 51°31'

I'm getting dropped right in the middle of the round-about:

That's not the right coordinates.

Oh, I realized I still had the example co-ordinated copied

Sorry about the confusion

https://tryhackme.com/room/cve202226134
Task 5, section titled "Python"

Under the Walkthrough (Click to read) prompt, the github URL https://github.com/Nwqda/CVE-2022-26134 no longer exists.

@dusky junco

lol

Hey, any update on my room bug (duplicate question issue) with Task 10 AoC - [Day 5] Brute-Forcing? I still can't complete the day so can't enter the raffle for that day or complete AoC and get my badge!

Hello guys,

Who can i dm to report a bug ?

Just type it here

Staff will pick it up :)

Room WebOSINT, task 7, the answer is not that i can find in viewdns.info

I’ll take a look at this in a day or two

Seems like the task responsible for automating the keystrokes for task 5 - Exploiting Active Directory is broken... been on it for a day.

https://tryhackme.com/room/25daysofchristmas
was doing 2019 advent looks like day9 / task14 has missing server.
the hardcoded IP doesn't actually host anything on port 3000

Hi guys,
i got stuck on Enumration AD, task 3
whether is RDP or SSH on THMJP1, the connection keeps tearing down (not the VPN) so I can do nothing ! i am facing the issue from my kali as well as THM KaliBox
i managed to make dns working (my kali) so it dosen't seem to be related to a dns issue
below the error msg i got via THM KaliBox :
SSL_read: I/O error: Connection reset by peer (104)
Failed to check FreeRDP file descriptor

does anyone come across this issue ?
could yoy help me out because, I spent 3 days on it whitout making progress !

the lab was reset though still the same instability...

https://tryhackme.com/room/rppsempire Many of the graphics associated with this room no longer load because of bad links. For example, Task 5, Listeners.

Not a bug per se but in task 3 of the google dorking room (**https://tryhackme.com/room/googledorking **) there is a link to the Google Size analyzer. Its moved however. It can now be found here - https://pagespeed.web.dev/

ALso the site - http://googledorking.cmnatic.co.uk no longer resolves

I don’t think it is specific to this room, but on day nine of advent of cyber, I had a machine (not the attack kali machine) That terminated even though I added an hour

In the phishing analysis fundamentals (https://tryhackme.com/room/phishingemails1tryoe) task 3 the question asks for the port for Secure SMTP. Surely its 587 that everyone knows. It only accepted 465 though (which admittedly I had to look up once 587 failed)

hmmm

465 is for smtp over ssl or tls

587 seems more generic

Not sure if this has already been reported (or if it's even the best place to report it), but I believe there is a bug/mistake on Day 13 of AoC. Last task has you to enter the defanged IP's that VirusTotal reports as associated with that file. It does state that VT's entry has changed since the walkthrough, but I believe it has changed yet again and now the accepted answer is not correct. VT Reports 5 TCP addresses, THM only accepts 4. The new one that isn't accepted is: 13.107.4.50

yuup and this is probably the place to report it... dunno how they are going to handle it... in the meantime shadows comment in the virustotal comments might be good enough as a carry over

What’s the whole correct answer supposed to be? :)

20[.]99[.]133[.]109,20[.]99[.]184[.]37,23[.]216[.]147[.]64,23[.]216[.]147[.]76

Does that include the new TCP address that has appeared on VT?

It does not. The expected input according to the instructions would be: 13[.]107[.]4[.]50,20[.]99[.]133[.]109,20[.]99[.]184[.]37,23[.]216[.]147[.]64,23[.]216[.]147[.]76

yeah it used to be only 3 now it is four in the answer

Awesome, thanks TomC, I’ll get that updated:)

Gave +1 Rep to @rain echo

now shadow is wondering why they did not bother reporting this themselves

That should be the answer. The actual answer is missing the first IP.

Appreciate it 🙂

@raw bison ⬆️

Done!

@dusky junco

Done!

Ty 👍🏼

Gave +1 Rep to @quaint sparrow

Because of CSP Policy photo in this room doesn't load
https://tryhackme.com/room/anonymousplayground

Not sure if its classified as a bug, in Python Basics, Task 5 Logical and Boolean Operators , there is a code:
'name = "bob" hungry = True
if name == "bob" and hungry == True:
print("bob is hungry")
elif name == "bob" and not hungry:
print("Bob is not hungry")
elif: # If all other if conditions are not met
print("Not sure who this is or if they are hungry") '

Last elif should be else or it throws syntax error

and first line needs to be split in two lines:
name = "bob"
hungry = True

For someone who knows python it might be obvious, but for someone who learns like me it wasnt

Having the same disconnect problems with reverse shell on port 4444

Same problem as @wet fable and both NC and MSF multi/handler reverse reverse shell connection that directly terminates. First time I experience this.

You need to set your payload explicitly within multi/handler

There is a spelling error in the answer to a question in the Intro to lan room. Its question 3 on task 3.

There isn't.

Refresh your screen and the correct answer will show, you've probably just typed it wrong.

So answer tolerance has kicked in, giving you one letter out of place as an accepted answer.

address is spelled with two d's right?

Yes.

but it would only accept adress as the answer and not address

Like I said previously, refresh your page.

i'm about to finish AOC 2022. so far, 10 points to the story and content, everything has been working well 😁

i just want to report a small spelling mistake. path: AOC 2022 -> task 26 -> Abusing device behavior. error: applications' <-> application's

No that is correct. It's a possessive on the plural, behavior belonging to applications plural.

There's a bug in the Web Fundamentals learning path. The bug is found on room/uploadvulns task #4.

Open your web browser and navigate to overwrite.uploadvulns.thm. Your goal is to overwrite a file on the server with an upload of your own.

The link doesn't work which means you can't answer the questions

It works if you've added it to your hosts file as the room tells you to do.

You're right, thank you

Gave +1 Rep to @eternal summit

heyo im not sure of its somehting im doing but for like the very first lesson the "gobuster" thingy isnt working

i understood it as you say, as a possesive with respect to the behavior of the device. so, i undestand that it is a mistake to use: applications' <-> application's

Applications plural on devices

The behavior of applications.

in plural is [applications] or [applications']?

The plural of application is applications.
If you have something belonging to multiple applications, you use applications'

"Applications's" but you omit the s if there is a preceding s

ok i lied-

10.10.206.224 machine on this ip was bugging

the exploitation didnt work

Signature Evasion\Signature Identification: Task 2
VIP user: AttackBox and/or OpenVPN
Task: Use Linux tools {dd,head,split} to identify a file shell.exe at "C:\Users\Student\Desktop\Binaries\shell.exe"
Machine provided is Windows with no WSL for linux commands. Defender exclusions only exist in C:\Users$User\Desktop
Moving the file to another location will trigger Defender if an smb share were to exist but does not.
Could do one of 1000 ways to tx the file back to the attack box or linux machine over vpn, but seems a little out of the way and is not addressed in this manner

you could maybe move the file to C:\xampp\htdocs\uploads\ and try to download quick?

Please provide more information

Ekhm, Linux Privilege Escalation, not sure if intended:

Last login: Fri Jun 18 04:38:27 2021 from 10.0.2.15
Could not chdir to home directory /home/karen: No such file or directory

meh..

https://tryhackme.com/room/investigatingwindows3 is missing the sysmon logs

In the Yara room, it appears that yarGen.py is broken. I get an error message about urllib.request (line 25) when I try to use it. I commented out the line and the script appeared to work fine. Some digging around points to possible issues with compatibility between the request and python3, but I'll leave it to you to confirm. @dusky junco

Room: Phishing Analysis Fundamentals
Task: 6 - Types of Phishing
Bug: The link at the end of the task (about defanged Hyperlinks / IP addresses) is broken and leads to an 404 site.

You are indeed correct re. compatability. You need to use python3 and make sure to revert the changes to the yarGen.py file

The example commands in the room use python3 🙂

Hi all, there's a bug within room "Agent Sudo" in task 3 where it asks for SSH password(it accepts the wrong password), but it is different from the actual ssh password

as i said the exploit didnt work cuz when i uploaded an image it didnt sync and didnt show up on the login page

This is not enough information to reproduce a bug.
What room?
What task? What question?

oh ok sorry

room is lockdown and its the first task user.txt

its the holidays. Is this a bug or not. jajajaja

https://tryhackme.com/room/registry4n6
I think that the first octet in the following question's answer and hint should probably be 172, not 173.
"What is the Last DHCP IP assigned to this host?"

hello guys I have a few questions about Kali

This channel is for bugs with tryhackme rooms

I'm using the built in machine in split view.

I believe that I tried that yesterday and it told me that it didn't have an internet connection. I'll try again

Here's a screenshot of the message

Also, the instructions say that I need to do that if I'm running it on my own system.

Yup, the machines don’t have internet access. You’re not expected to update yarGen, just use the commands like this (sorry for the bad crop I’m on mobile atm and can’t fit the whole command In)

It's OK. I appreciate the help. I ran that yesterday.

Your system being your personal computer not the machine in the room 🙂

Right, I am running it in the THM system in split view.

I hope I'm not disrupting your NYE celebration

https://tenor.com/view/stone-cold-steve-austin-beer-bash-drink-beer-drinking-beer-wwe-gif-16765941

Haha naw you’re not but thanks. I’m ill atm so I’m having a chill evening in

Feel better

Hi all. I think there is a bug it the relevant room. https://tryhackme.com/room/relevant. Can't be able to receive a reverse shell.

Wondering if anyone has experienced the same issue.

hi my friends

I don't know if Snort Basics has somethig wrong

any know if the questions have something wrong or I have to try harder

This is best for #room-help
This channel is for reporting bugs once you're sure they're present.

thank you for your hint

Not so much a bug, but what believe to be a grammar mistake in 'The Lay of the Land' room (https://tryhackme.com/room/thelayoftheland) Under Task 1 - Introduction, one of the sentences reads:

"In this room, the assumption is that we have already gained access to the machine, and we are ready to expand our knowledge more about the environment by performing enumerating for the following"

I feel like the word 'enumerating' is meant to actually be 'enumeration' in this case?

Hi, it seems that the willow room is not working (https://tryhackme.com/room/willow). I get the following error when trying to connect over ssh : └─$ ssh -i key willow@10.10.169.127 Enter passphrase for key 'key': sign_and_send_pubkey: no mutual signature supported willow@10.10.169.127's password:

This is an issue with your machine, not the target. Google that error.

Nothing wrong with the room.

Ok, got it.

HI there. Room "Anthem" seems to have a problem. I cant connect to the machine, neither via openvpn nor the attackbox (no ping, no nmap, no http) -> According to the questions to answer, this can´t be the desired behaviour... rebooted the machine twice, too. Could somebody doublecheck pls?

did you use the -Pn flag with nmap when scanning if the machine is not responding to ping that might help

i did -> same result. but the machine is expected to spawn a web server too which never shown up

hmm okay just wanted to check on of the most common misses

thanks for that anyway 🙂

going to check if it is wonky or if it works for shadow... just wait a few mins

works fine for shadow

nmap detects http port and rdp port

and the website loads

Thank you @rugged canyon

i was waiting for 45 minutes now doing nothing...tried it again - works. maybe it was a temporary thing...? Anyway, kudos for checking it 🙂

Gave +1 Rep to @rugged canyon

no probklem

thanks for basicly recommending a ctf room to shadow

Hi! If its not a feature being worked on, I'd like to suggest a function that alerts users that some questions/answers maybe outdated for certain CTF rooms.

For example - https://tryhackme.com/room/webosint

Referencing the forum posts, the answers to the first set of questions have changed since the room was originally created and some posts to links/solutions to what the answers are have been provided.

Having an alert/pop-up to notify users would be especially helpful for newcomers who are wanting to practice anything they have recently learnt 🙂

Just a little bug in the windows privelage escalation room, task 4

There's several windows privesc rooms, please link to it.

For the always installed elevated section the msfvenom command displays "ATTACKING_10.10.X.X" when it should display "ATTACKING_MACHINE_IP"

Link to the room: https://tryhackme.com/room/windowsprivesc20

Signature Evasion Task 6, you can upload any file (even empty one) with just name challenge-2.exe and when you upload it you get the flag, so the backend system look is not checking at all what is on the file, just the file name

Hello. Two more issues with the Yara room. 1. The VNC menus used to copy and paste are missing. It becomes an issue in Task 10 because I have to copy two long file hashes.

Issue 2 is that question 2 in task 10 asks for the "first yara rule to detect file 2." It seems that the yara rules might be loading in a different order. The answer is now the third listed rule.

Hello. https://tryhackme.com/room/insekube Task 7 Escape to the node: Missing file root.txt :/

just to be sure.... can you try the procedure to check if you are in a container???

also obviously no file called flat.txt

pod has status Running / unfortunately i have no knowledge to verify if I am in the pod .. I am trying to google it but without success at the moment, sorry. flat.txt if just mistake.

shadow dunno too.... they just know that in some rooms you are ment to escape the container to get the root flag ¯_(ツ)_/¯

hmm, I can "cat" /etc/shadow and rest /etc but i can't ls is showing nothing in /home also :D. Probably I am doing something wrong .. but don't know what...

sorry all i find problem 😄 I make mistake ...

room work perfectly 😄

Hello. Room https://tryhackme.com/room/hololive.
I cant download the vpn file, always got a 404 error. It seems that this problem is occuring from at least the 16/08/2021 till now.

leave the room.... rejoin it.... go to download the vpn file... hit regen button... wait 5 min.... try download it... maybe tada

@rugged canyon , i will try that, thanks !
Could it be pined to the holo channel for others ?

Gave +1 Rep to @rugged canyon

well no idea how shadow would control that

Room LinuxPrivEsc - either im doing something wrong, or something is wrong 😄
mysql> create function do_system returns integer soname 'raptor_udf2.so';
ERROR 1126 (HY000): Can't open shared library 'raptor_udf2.so' (errno: 22 /usr/lib/mysql/plugin/raptor_udf2.so: cannot open shared object file: No such file or directory)

##----------------Quick fix for above (not really) -----------------------##

escalate to root
cp raptor_udf2.so /usr/lib/mysql/plugin/raptor_udf2.so
exit
continue with mysql fun and escalate to root....

yeah i know doesn't make a sense, but at least i could see how raptor works xD

real solution was, someone already changed it, Thank You! xD i really need to learn mysql...
select * from foo into dumpfile '/usr/lib/mysql/plugin/raptor_udf2.so';

this room is private / inaccessible to logged in subscribers: https://tryhackme.com/room/xxe
it's linked to from the googledorks room: https://tryhackme.com/room/googledorking

Please try the new link in the task. 🙂

Damn you're fast. Works now, thank you!

Gave +1 Rep to @glad badger

Hello, not sure if this is the appropriate place to report/discuss this but I'd like to verify something.

I'm in the Introductory Networking, Task 6, Question "What switch would you use to specify an interface when using Traceroute?"

I'm using Ubuntu 22..04.1. When I do a 'man traceroute' I don't see the -i switch mention to change the interface. I took a guess at it and got the answer correct though and I'm not sure how/why.

Why isn't this switch documented in the man pages that were displayed to me?

Hi. I'm not sure if this is a room bug but I'm on
OWASP Top 10 room and wasn't able to connect to the Start Machine IP. Nothing has changed on my end, I completed task 19 yesterday without any issues. I tried on both cellular connection and on my fibre connection.

Probably means you've started the machine under the wrong task

Please also make sure you’re going to http:// not https:// as most machines won’t resolve on https

Thank you, I'll remember that.

Gave +1 Rep to @hazy tiger

Thanks, I think it was the HTTPS, I've got it working now.

Hello, I was doing the Benign room and I can't answer the penultimate answer (without reading a writeup that has the answer) because to get the flag I must connect to the link given in the Splunk logs, but when I try, with and without VPN connection, I get an error:

If the webpage is not active anymore, how am I supposed to get the flag?
Is there another way to get it from Splunk or is it a "bug" because the webpage is not longer active?

is advent of cyber 2 still up ?

because when i tried to do day1 i couldn't finish it

even when i did exactly what the writeups said

All the AoC are still up, there is a room in one of them (day 9) that you can't do, everything else is fair game.

where can i find help for the vulnnet box

Is it AoC 4(2022) day 9?

No, its a different AoC year.

However 2022 day 9 can only be completed in a VM unless you have a sub.

the aoc for 2019 day 9 is 100% broken yes... aoc for 2022 is not broken if you use your own vm or have a subscription

Hi there is an error in the Wireshark: Traffic Analysis room. Task 6 "Cleartext Protocol..." First Question Hint says "FTP code 503" should be FTP code 530

@dry blade The "Ghizer" room is broken, anonymous FTP requires username and password

I dont know if was supossed to be a guessing question (really that would be awkward)

But was easy to guess just for knowing the length of the word

Also i dont know if this counts as a bug

But is a thing that maybe im not the only one who made

Some of the answers across the platform are definitely guessable, but the point of the exercises is for you to learn / practice, right? It is definitely possible to guess or look up answers, but you're only kind of screwing yourself over that way.

Ok

It seems like "Hide Completed" in My Rooms is broken. It does not work now. Anyone has the same issue?

its a known issue lol

I'm doing the Advent of Cyber 2 (2020) https://tryhackme.com/room/adventofcyber2 and in day 4 (Task 9), the hack box location for the word list is no longer valid. /opt/AoC-2020/Day-4/wordlist. Also, there are two recommended rooms linked at the bottom of this task. Both links lead to inaccessible Rooms:

brainstorm ( https://tryhackme.com/room/brainstorm ) task 1 question 2 seems to be wrong... even scanning both tcp and udp ports gives a result of 3 when the answer is apparently supposed to be ||6||

https://tryhackme.com/room/webenumerationv2 task 9 it asks what the latest version of a wordpress these is - needs to be updated.

https://tryhackme.com/room/tmuxremux
Task 6 "Reloading the .tmux.conf file again shows the output of whowami from the script.sh"

AoC day 21, don't bother trying to use your own machine.....
tell me THM doesn't value free users without telling me that THM doesn't value free users...

You get an hour a day for free so its entirely possible to complete. And that's one task in one room out of over 600.
There's plenty of content for free users.

hi, for Island Orchestration. I scanned ports and I got 3 port open. then 2 out of 3 services became unreachable. It's minikube instance. And i'cant bind to web ports.

https://tryhackme.com/room/islandorchestration# can u check pods guys

Anyone have any issues with the Mr Robot CTF? I don't want to give anything away, but I am finding the webapp is essentially unresponsive so I am unable to customize the any of the page templates. I have restarted both the room and the attackbox multiple times with no improvement. Any ideas?

sounds more like tech support questions but nope it worked neatly for shadow when they did it 3 months back

and doubt anything changed since then

Anyone have this issue with the creddump7 tool from the windows priv esc room task 11

I thought this was already fixed for python3, but seems to have python2 syntax

pyenv to the rescue

how specifically

https://www.youtube.com/watch?v=1Zgo8M9yUtM

lets you set to use python 2.7.18 for that directory to run the script using that version of python

Great thank you!

no problem

pyenv and python virtualenv/venv helps a huge amount for using python stuff

I've used virtualenv before is that different?

virtualenv keeps your instance of python different... pyenv keeps the version of python different

they work together neatly

good to know

before I continue with this I do have python2 and python2.7 but those give different errors when running creddump7. How would pyenv fix it?

hmmm maybe.... you might be missing pip packages that need to be installed... which is where you would use both virtualenv and pyenv

enter a virtualenv session and then start installing packages essentially?

seems way too much troubleshooting to run this file lol

¯_(ツ)_/¯

hmm

The room and task 11 has not been fixed since people complaining from 2021

yeah.....

I guess since python3 is giving a python2 error and python2 is giving a module not found for crypto.hash. I could start a virutalenv and use the python2 pyenv and download that crypto.hash module. But looking that up seems like it's not available anymore

pyenv local 2.7.18
python -m virtualenv .venv
source .venv/bin/activate
python -m pip install crypto.hash

profit???

or use the attackbox as that should have the tools to make that room work

I guess yeah

You pyenv install 2.7.18 and then run it to the local shell only?

well yeah kinda.. the local part sets it to use said python version in that folder only

Yeah that's nice

mind if I dm you

please don't dm shadow

haha ok I did that but seems as though it still can't find crypto.hash

weirds

did it work for you?

dunno how to help ¯_(ツ)_/¯

Thanks for trying was curious if it worked for you

Gave +1 Rep to @rugged canyon

Hi there, almost 20 minutes i'm trying to connect to port 80 for https://tryhackme.com/room/insekube but the port is still closed, any idea ? I tried the room fews days ago and that was working

yes all of the k8s based boxes are buggy

i m still waiting for island

Sad :/ Hope this will be fix soon, never tried island btw but i'll try after this one

as a devops eng i liked it i'm at last step but cant use web ports lol

https://tryhackme.com/room/splunk3zs
splunk Bots V3 room
Task 3 Question 2

What field would you use to alert that AWS API activity has occurred without MFA (multi-factor authentication)? Answer guidance: Provide the full JSON path. (Example: iceCream.flavors.traditional)

The provided awscloudtrail link is no longer valid but can found here now https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-sign-in-events.html

But anyway the question asks what is the field used to alert AWS activity without MFA
according to the docs though it would be the log for IAM user, successful sign-in without MFA so the answer should be additionalEventData.MFAUsed

But the answer format is wildly different. did some digging around and looks like the answer THM wants is from Root user, MFA changed so answer would become userIdentity.sessionContext.attributes.mfaAuthenticated

which looks to be different from what the actual question is. Also couldn't find any logs that have the mfaAuthenticated field while there are 4 events that cover MFAUsed

Uh, I think there is a bug in the Sysinternals room. I am referring to the Network Discovery portion in task 3. Enabling network discovery does not actually work. I'll click enable, save it and it will revert back to the original settings - no save at all. I just tried it on my VM to see if that would fix anything and it does the same thing. Also tried running it as admin and it does the same thing. Don't know if I'm stupid or wat

tldr; I can click save but it doesn't actually save.

Not sure if this is a bug or not but I typod an answer and it accepted it. In Tactical Detection, Task 2, Answer 2, I entered bad3xe69connection.ip The correct answer should be .iO. But for some reason it accepted the wrong answer. Do you know why that is? Are other people having trouble with this room?

It's not a bug, it's answer tolerance, the longer the answer, the more the tolerance.

You'll find it all through THM

Hi all I'm currently doing the kerberos and active directory modules
https://tryhackme.com/room/attackingkerberos
https://tryhackme.com/room/attacktivedirectory
the problem is that Impacket has been updated and the url are false and you get this error when trying to clone the repository.
git clone is not a valid command

I already found the new URL and the modules need be updated
git clone https://github.com/fortra/impacket.git /opt/impacket

I already tried to send an email to the tryhackme support but they don't understand me (maybe my english is bad...)

hello I am having a possible bug with the Zeek room Task 7 final question, my results are off by one. I have screenshots and what all I have run, in a write-up if you'd like to see, but I want to make you aware of it.

Room: Splunk101, Task: 5, Q1. I believe this answer needs updated. I was getting it wrong and pulled up an old walkthrough and the guy was doing the same thing as me, but his answer event count on the log file was slightly higher. The one I was getting was something like 2812, vs the 2862 which is the right answer.

Hi

There is a mistake in room "Linux Privilege Escalation" in task 7

it talks about the Privilege Escalation with SUID using nano

and nano does not have SUID bit set

That's just an example, doesn't mean the target machine has SUID on nano as well 🙂

Oh right

i think that that was the way to do it

sorry

is there any verified guide?

Not an issue, the approach is the same as explained in the task, just with a different binary

weird how many people not understand that most of the stuff for that room is examples of how to do it with differing methods to do it for the practical

Well, not that weird tbh, since the last part of the task is talking about adding another user to /etc/passwd, which is not possible with the actual binary that has SUID on the target machine, so I see that this could be confusing a bit

¯_(ツ)_/¯

Some users read task content as instructive and others have a higher tendency to consider it as read-along. Even when we focus on making the text clearer in its intention, there's still room for users to interpretive reading. 🙂

yeah good explaining tim

Interesting. Didn't know that. Thanks!

Gave +1 Rep to @quaint sparrow

Hi guys , I'm new to tryhack me in room " soc level 1 --> cyber threat intelligence -- > threat intelligent tool -- > task 4 "
First question is about ioc 212.192.246.30:5555 malware but it throws wrong answer does the correct answer old ?

Hey! can any staff reset my Lateral Movement and Pivoting lab? The SMB server is completely bugged,

All my smb client commands are giving error messages, even the copy-paste command from the walkthrough gives errors:
smbclient -c 'put myservice.exe' -U t1_leonard.summers -W ZA '//thmiis.za.tryhackme.com/admin$/' EZpass4ever

session setup failed: NT_STATUS_LOGON_FAILURE

Hey guys, the text in Linux Fundamentals pt 2 section 5 is missing some information and screenshots as compared to the walkthrough video. Just to let you know. Thanks

You might want to be more specific, or otherwise it's hard to figure out what exactly you mean

It's nothing critical, just for example the screenshot explaining the permissions that is present in the video is not present in the text provided under the section 5.

Network Services 2
https://tryhackme.com/room/networkservices2
Task 2, image doesn't load ( https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fconceptdraw.com%2Fa468c4%2Fp26%2Fpreview%2F640%2Fpict--file-share-network---vector-stencils-library.png--diagram-flowchart-example.png&f=1&nofb=1 )

island orch. is still buggy. 80 and 8443 is closed

Hey, EasyCTF room bug... nmap reveals 2 ports under 1000 neither of which is the correct answer for Q2.

it is not asking for those 2 ports... there are other open ports above 1000 that it is looking for

Another problem with this one, I checked the forums and apparently there is some sort of CMS running for which there is a vulnerability but IP:80 only reveals the apache default page...

the room at https://tryhackme.com/room/rpnessusredux has an error. The VM has been updated and the task asks ||what version apache server is running. The answer should be 2.4.25, but the room only accepts 2.4.99||

also, the task that asks ||for the plugin id needs to be updated. the only plugin that displays the erroneous 2.4.99 information is plugin id 48204 but the room wants answer 10107||

Hi for the room Quotient, remmina is not able to rdp into the machine. Tried using xfreerdp and it allows me to log in but after say 3 minutes(?) or less, the RDP connection gets disconnected. I terminated and restarted machines 3 times already but still face the issue

https://tryhackme.com/room/winadbasics

at this point shadow is starting to think you are not enumerating the machine enough to find the answers.... there is a hidden dir which reveals the cms on that target machine

there is another plugin that gives a different value to the one you are checking and getting the value from....

@green steppe ^^ pls fix ❤️

oh i bet it’s because they used imgur:////

the images all go to your blog

oh wait is that the joke?

ohhhhhhhhhhhhhhg

yes i moved blogs, i bet the URL is different on my blogs side

for example https://skerritt.blog/media/shodan/8.png

Done!

thanks shadow, but talk about misdirection. why is it called simpleCTF?

Gave +1 Rep to @rugged canyon

it is simple... guess you just have not learnt of the prerequisites yet

its not simple if much higher ranked people have had problems with it..it should at least say enumerate to find the hidden CMS..there are more obvious ssh exploits. you response is arrogant

you mean you skip enumarating all the machines that has port 80 open???

that seems more ignorant to shadow

not all machines, maybe just this one. thats your ignorance.

fair and shadow don't feel like arguing

after all it is an older room that might not be up to newer QA standards

Thanks thm for nothing for 2 weeks

Did you look further?

When we look to fixing rooms, we see how many people reporting it as broken.

You are the only one who has reported it as broken so I can only presume that you’re either A: not waiting long enough for the box to start, or B: doing something wrong and not telling us enough about your issue to help

🙂

Don't know if this is the right forum for this kind of stuff.
Room: https://tryhackme.com/room/webenumerationv2
Task 9
Question 2: WPScan says that this theme is out of date, what does it suggest is the number of the latest version?
Answer: 2.3
But in fact the latest version is 2.4.
It's not critical or anything but felt like sharing

I gave up on it. None of the exploits work for me.

Not sure if this is the correct place to report typos in rooms but here goes:
In buffer overflows, task 4 "In the above example, we [save] that functions" should be "saw". "rdi, rsi, fx, rcx r8 and r9 are called saved" should be "rdi, rsi, rdx, rcx[,] r8[,] and r9 are [callee] saved."

Maybe try a directory scanner?

I think I may have found a bug in the futhernmap room. the answer is 999 but i do have 4 ports open 🤔 . or am I wrong? Mans a noob 😄

You are scanning your own attackbox, rather than the target machine

hello, yara room machine is broken https://tryhackme.com/room/yara
also the download links for the task files in threat intelligence tools room are dead

in "Unified Kill Chain" https://tryhackme.com/room/unifiedkillchain task 7 "MITRE Tactic (TA0009)" redirects to "https://attack.mitre.org/tactics/TA0009/><p%20style=" instead of just "https://attack.mitre.org/tactics/TA0009/"

In Windows Fundamentals 2 task 7 covering the netstat command no image is displayed to show a red box highlighting the syntax. I was able to find the picture through inspect element at https://assets.tryhackme.com/additional/win-fun2/netstat.png. I was taking notes on the room when I noticed the task mentioned an image above referring to the syntax for netstat but nothing was displayed.

Room: https://tryhackme.com/room/windowsfundamentals2x0x

https://tryhackme.com/room/networkminer
Just a minor typo in Task 1:

@hazy fulcrum you're up^ 😄

Done!

https://tryhackme.com/room/zer0logon
Task 2 - When I run the first command to install virtualenv, it gives me an error about pip being an older version and suggests I upgrade, so I do and run the second command to set up the virtual environment for impacket, the command on the page gives an error, but if you run 'python3 -m venv impacketEnv' it works.

I have the same confusion. I am wondering if you finally find a solution the deal with this problem?

i just used the vpn and a virtual machine

Room: File Inclusion, Task 6, first line says: Remote File Inclusion (RFI) is a technique to include remote files and into a vulnerable application.

I believe the word and should be removed, also the word into sounds weird, i dont know if it should stay as into, or the sentence re-written a bit, but either way, the word and I don't think is needed

https://tryhackme.com/room/dataxexfilt - missing image in Task 3

Hi, I noticed that in the Zeno room, /root/bash_history is linked to /dev/null instead of /root/.bash_history

This isn't really big, but this means the command history from when (I think?) the box was being developed is still readable.

Done!

On room https://tryhackme.com/room/goldeneye, the VM is not starting.
The button works, and the "Starting machine" notification pop-up shows up, however there is no machine, IP, timer information on the room.

I am also having a similar problem as the person above me with the vulnnet1 room (https://tryhackme.com/room/vulnnet1)

https://tryhackme.com/room/xssgi

task7
https://xsshunter.com/ is now depreciated and no longer allowing users to create accounts
its now recommended to use https://github.com/mandatoryprogrammer/xsshunter-express and self host it yourself

https://tryhackme.com/room/pyramidofpainax

Task 5 Question 3:
"Using your OSINT skills, what is the name of the malicious document associated with the dropped binary?"

Problems:

• Question 3 is a duplicate of Question 4.
• Given the correct answer to Question 3, it seems like the wording is wrong.

Suggested Solution:
Change Question 3 so it reads like so:
What is the executable file dropped by the malware?

It might be a bug in the OWASP Top 10 room in the Complete Beginner path. On task 11, the hint from the developers is missing from the webapp source as far as I can tell. Tried to relaunch the machine and use different computers on this one, same issue. 🙂

I waited for about 30 min. Also it's very clear, pods're not working. I couldn't bind the ports

"/tmp/liv0ff.ps1" should be "/root/liv0ff.ps1" if you followed the steps before on the AttackBox on Task 7 in https://tryhackme.com/room/livingofftheland

Hi! In room https://tryhackme.com/room/metasploitintro, "Working with modules" section, LHOST is described as "Localhost", which in my opinion really should be "Local Host", as localhost usually bears a very specific loopback meaning.

The topic of the room is using kubectl commands. a person who can use it can stop the pods. As you can see, there is no redundancy here. I couldn't finish the room for weeks. Because the pods are not standing

Fixed. 🥳

whooop 🎉

also we can add healthchecks i can help with that

ran into a bug in the adenumeration, task 1. when requesting AD credentials you can get a username that is over 30 characters when combined with the domain name. I got around this by requesting another set of credentials until i got one that was shorter. Due to the domain name of za.tryhackme.com the username can be at most 13 characters long, but the distributor page can give out usernames that are longer.

For what it's worth, the layout of Burp Suite no longer matches the questions of task 7 in the room Burp Suite: The Basics. The task says to use either the attackbox or your own copy, but you have to use the attackbox or find screenshots of Burp at the moment. If there's anyway I can do leg work to make it easier to update, I'm willing to do it.

Hey, this problem always seems to be present

OWASP JUICE Shop password brute force does not work properly

Or at least the instructions are not correct

Always best to first ask about an issue with a room in #room-help before considering something a bug, that way you can double check with someone else if it's really a bug 🙂

Irony of your statement 😂

You assuming I didn't ask anyone

I'm not assuming anything, I checked if you asked in the appropriate channel first, which you did not.

And since I highly doubt there is a bug on that room (which I can be also wrong), it's best to ask in #room-help first.

I did my research and I asked other participants about it. We all had the same problem... But hey it's cool 😎😄👍

If you are interested, come up into #room-help and I gladly have a look myself 🙂

I found 2 bugs actually but since you wanna be defensive someone else will follow protocol and report it, cool? Cool!

Not sure why you even getting so passive aggressive, but that behavior will not gonna get you anywhere in here.
With that being said, no further arguing in here.

I'm not passive aggressive, your approach was aggressive but honestly I think nothing of it. The 2nd wasn't a bug my bad lol more like an instruction update... Otherwise Juice Shop was a fun room

Dead Link (404) https://digital-forensics.sans.org/media/Poster-2015-Memory-Forensics.pdf in Room https://tryhackme.com/room/volatility Task 11 (Conclusion)

https://tryhackme.com/room/follinamsdt the link to the sigma rule gives a 404

https://tryhackme.com/room/owaspapisecuritytop105w in Task 4 it is said that you should use Authorisation-Token header, but it doesn't work, when used Authorization-Token it works, so I think that it is a typo.

Good evening , my Tryhackme is not showing me my progress on my rooms. && when I try to enter the room I am currently working on it is not working it says I am already apart of the room. I try contacting tech support and emailing THM but no one responded.

Room

- <https://tryhackme.com/room/shodan>

Google & Filtering

- What is the top operating system for MYSQL servers in Google's ASN? 
    * Is:    ||5.7.39-42-log||
    * Wants: ||5.6.40-84.0-log||
- Under Google's ASN, what is the most popular city?
    * Is:    ||Kansas City||
    * Wants: ||Mountain View||
- Under Google's ASN in Los Angeles, what is the top operating system according to Shodan?
    - Is:    ||Debian||
    - Wants: ||PAN-OS||

Shodan Extension

- Text Duplicated

Overall

- No Images

For room owasp api security top 10, task 4, section Practical Example, the example details de header as "Authorisation-Token" the application in the room accepts "Authorization-Token" with Z

It has both, in the room text it says “authorization” but in the title it says “authorisation”

This is because the syntax requires a z, but the title isn’t detailing the syntax, it’s describing the task contents and henceforth is written in British English

Unless it has changed but I’m pretty sure I already checked this two days ago:)

jabba answers your question right above this message

"The endpoint will return a token, which will be passed as an Authorisation-Token header (GET request) to apirule2/user/details to show details of the specific employee. Bob successfully developed the login endpoint; however, he only used email to validate the user from the user table and ignored the password field in the SQL query. An attacker only requires the victim's email address to get a valid token or account takeover." - that's what's said in task content, a bit misleading imo for someone that didn't work with auth headers before

+1 on this, also, for us non native English speakers, we won't know what is British English and what isn't, we just go with the description of the lesson

room: SQL Injection
Task 4 - What is SQL Injection
Under the question: What does it look like?
Second paragraph says the following: From the URL above, you can see that the blog entry been selected comes from the id parameter in the query string (I think it should say being and not been)

hi all, i found a bug in a task. Hope I'm in the right group here.

Room: Subdomain Enumeration https://tryhackme.com/room/subdomainenumeration
Task: #3
It mentions the search term -site:www.tryhackme.com site:*.tryhackme.com in the text, but the "-" sign in the beginning should be removed to get the correct answer from google.
See screenshot.

oh. but it worked either way?

cool. 🙂 thanks

Same problem here. Looks like the new host does not provide the expected answer anymore.

not trying to to be nit picky on grammar in rooms 😦 but since this channel is here, I bring up things that I notice, as a helpful fix to make the rooms better 🙂

Room: SQL Injection
Task 6: Blind SQLi - Authentication Bypass
First paragraph for Blind SQLi, last sentence says the following: It might surprise you that all we need is that little bit of feedback to successful enumerate a whole database. (I think it should be successfully)

Can we fix this? I can't enter the "Recon" answer because the answer field is missing. I'm sure lots of folks are hung up on this bug and cannot proceed with training.

Read the hint for the question. 🙂

hey

I did. It's missing an answer field so you can't proceed with the thing./

All the answers in your image are incorrect, indicated by a red line underneath each entry. When you enter the right answer in a field, it will not have a red underlining.

No they aren't. They're identical to the image on the left. Answers on the right.

Not sure what you're looking at.

But you can see how "Recon" is missing from the right answer area, right?

Re-read Task 7 Question 1 and see what the task at hand is about. It is not about the names of each chain. 🙂

ok. I'm working but will re-look later. Still looks like a bug though

I teach CEH on Monday. Developing hands-on hackcercises for students.

Hello.

@slow epoch In your room, I would like to inform you that the hotel you mentioned in the last exercise no longer exists in the latest Google Maps updates.

https://tryhackme.com/room/searchlightosint

That way it would be interesting to update to prevent the room from being "broken". Thanks for the room. 🙂

https://tryhackme.com/room/cve202226923
This room has something wrong. second command that is used to verify the cert isn't working. I have tried it using both my vm and attackbox like the room suggests and nothing seems to be working.

Hello! The room https://tryhackme.com/room/rppsempire, has broken images starting on Task 5. @twin tapir @heavy spade

@cinder jasper did you manage to run the command?

I did.

The command to generate the certificate works but the second command to validate is not.

https://tryhackme.com/room/adcertificatetemplates
task 5: command:
Rubeus.exe asktgt /user:svc.gitlab /enctype:aes256 /certificate: /password:12345 /outfile:tgt.pfx /domain:lunar.eruca.com /dc:10.10...

https://tryhackme.com/room/cve202226923
Testing Certificate Generation
certipy-ad auth -pfx thm.pfx

Since is the same VM, both rooms are showing the error below while following the steps:
[X] KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP
@crystal bolt

https://tryhackme.com/room/malbuster
Task2:
Q: Based on VirusTotal detection, what is the malware signature of malbuster_2 according to Avira?
Problem: Looks like Avira has changed Signature name of detected malware. I have answered question before and it was different, checking like 2h later, signature is different...

Hi, the Insekube room hasn't been working properly for weeks, any news about this ? Port 80 is closed, so it's not even possible to get past task 1. https://tryhackme.com/room/insekube

Indeed it changed, maybe @topaz snow can edit it

https://tryhackme.com/room/metasploitintro
Task2:
What the course say:
Metasploit has a subtle way to help you identify single (also called “inline”) payloads and staged payloads.

generic/shell_reverse_tcp
windows/x64/shell/reverse_tcp

Both are reverse Windows shells. The former is an inline (or single) payload, as indicated by the “_” between “shell” and “reverse”. While the latter is a staged payload, as indicated by the “/” between “shell” and “reverse”.

Question:

Is "windows/x64/pingback_reverse_tcp" among singles or staged payload?

Problem:
Agree for Singles!

Looks like the Windows Internals room machine is gone

https://tryhackme.com/room/wireshark

Task 13: Answer the questions below

The file name is actually task13.pcap, not task11.pcap. Just a little typo! 🙂

@twin tapir one for you :^

@lucid oasis
Hi community,
Does anybody get the website up and running for room SQL Injection Lab ?
https://tryhackme.com/room/sqlilab
Tried several times, but neither Firefox or chromium can load the website

Hey, please do not ping TryHackMe employees^

https://tryhackme.com/room/networkservices2

Task 2: Image could not be loaded. Neither FF nor Chromium.

Hey there, checking this now. Was on leave last week.

I think it might be that the DC's certificate has expired, which would result in this error. I'll refresh the DC cert and see if that fixes things

How can I know who is working for TryHackMe?
But I rather would have an answer or response instead of a remark.

If you’re having an issue with a room, please post your message and wait for someone to pick it up; pinging employees will not help you get your answer faster because different departments deal with different issues 🙂

So how can I know who is working for THM?

Why do you need to know that?

Never mind, what a shit show

Done!

Room OWASP Top 10, Task 6 "Broken Authentication Practical" The target site does not respond to 8888 -
https://tryhackme.com/room/owasptop10

Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 09:52 Central Standard Time

Nmap scan report for 10.10.197.126

Host is up (0.11s latency).

PORT STATE SERVICE
80/tcp open http
443/tcp closed https
8888/tcp closed sun-answerbook
Nmap done: 1 IP address (1 host up)

Terminated and created a new instance and it worked

Hi all, in https://tryhackme.com/room/jumpbox, only SSH is up, port 80 and 8443 not work! It doesn't look like my nmap's result from a few months ago. Both premium and normal account have same issue. Please check it!

@raw bison

Done!

I am having an issue in Network Security - Task 3 - the ftp server port is not open, so I can't grab the secret.txt file to complete the lesson

You got an IP there?

10.10.247.77

Or how long have you been waiting?

on the Attack box

I started the lesson several times, same result.

You're using the wrong IP.

You need to use the machine listed in the task.

I tried that too - no joy

Try it, and wait 5-10 min(s)

Machines won't be deployed with the services running, you sometimes need to wait.

okay - its been up for 30 mins already

10.10.247.77 ?

That's because it's the wrong machine.

The instructions and the image say to "nmap MACHINE_IP"

You need to start the machine using the green button.

Looks like that.

I tried that, I tried the IP's in the examples. Okay - I will try that again.

Then the IP will show there.

And nmap Machine_ip will update

Okay, thanks. Then I use the blue box to "Start AttachBox"?

Yes. 🙂

Thank you! Been messing with this for an hour.

Thank you so much - it's working now!

Happy hacking!

Hello,

I'm doing the redline room and trying to import the analysissession1 to redline after running the script as admin privs. Im getting unknown error and opening it only shows me:
Timeline
Tags and comments
Acquisition history

While creating the script i edited it as the room states. Nevertheless due to the error in importing all the information needed to complete the task. (For example System information) show as not collected?

Anyone got tips or tricks for this. I noticed that the VM Local disck is really full so could that be effecting my issue?

I'm trying to do task 5 in the SSRF room, but the website won't load through my attack box. any help would be appreciated, can send a screenshot of the problem in a dm but the server doesn't allow it.

OWASP room task 12, target machine won't start, my id "vpgrem"

Please use #room-help

Just went through this and it was driving me crazy not being able to find the answer by 'view page source'. I ended doing 'inspect' and found the answer that way..

Done!

@eternal summit you around?

Done!

Cheers

For room sysinternals, task 9, the result showing from the vm is not the accepted answer of the task. I did a quick search in this discord server and saw multiple people have faced the same problem. Maybe the answer needs to be updated?

I think in the Packets & Frames room in the Network Fundamentals module in Task 4 (UDP/IP) there's an error in the second table (showing some of the UDP packet headers). In the description of the Source Port Header it says "This value is the port that is opened by the sender to send the TCP packet from." which doesn't make sense to me when talking about UDP packets

anyone having problems with "Internal" ??

I just can´t login with the credentials I found

and it should be right, because I followed the same steps as the Writeup

If I wanted to replace the contents of a file named "passwords" with the word "password123", what would my command be?
echo "password123" >> passwords

Now if I wanted to add "tryhackme" to this file named "passwords" but also keep "passwords123", what would my command be
echo tryhackme && passwords

Pretty sure I got these questions wrong, but somehow they were marked 'correct' lol

one ">"

">>" means append to the end

Yes, but it was still marked as correct is what I'm trying to say..

which room?

Linux Fundamentals Pt 1 Task 7

This is answer tolerance, it's not a bug

If you refresh the page, the correct answer will be displayed.

in https://tryhackme.com/room/attacktivedirectory in the Task 3 there is typo: It's important to note that not all services may be **deteted **correctly

It did not work. I restarted this machine five time

You need to allow more time for the machine to boot - especially as it is splunk. I'd recommend waiting at least 5 minutes

https://tryhackme.com/room/operatingsystemsecurity
anybody has the completed this room?
its flagging default creds as wrong

its the wrong code

wait are you talking about task 6 in the room SQL Injection or a different one?

Spoilers, don't post flags in the chat. 😄

task 6 indeed

well its wrong thats all i can say

it's a bug nope ?

let me check

thats the code for the task before my guy

u need to click on the blue button saying level 3 and then theres a new code displayed on top

Strange, i tried 2 times, next level and it was the same, maybe a windows' firefox bug... thanx a lot

no problem

I deleted the flag from de chat.

Other stuff, when i try to insert the sql it doesn't change the query or the sql results (task8) :

same thing for task 7. I'm working now on kali and firefox.

well thats why its blind, the first part of the union statement needs to be true for the request time to change

Hello ! I am having the same error on the box https://tryhackme.com/room/adcertificatetemplates [X] KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP is the issue still going ?

That is correct yes, I haven't had the time to push the new image. It should be fixed latest this weekend? Apologies for the inconvience

No worries I just got stuck for a while ... nice to have a confirmation !

But in task7 for exemple, if i follow all the instructions, should I not have to receive the SQL results ?

I'm quickly doing it now, should be sorted in 30ish minutes

Shutdown the VM, give it ten minutes, refresh the room, then boot the machine again. It should read ADCSTemplateVM5 for the VM. If it does, the issue should not be resolved. if the issue persists, please just pop me a message!

And see you next year again for when the cert expires 😂

Thank you the issue is definetly resolved 🙏

Gave +1 Rep to @crystal bolt

Done!

Nevermind, had to run the snort thing as sudo.

Attention to detail is a superpower.

managed to solve? I'm in the same problem

This isn't a bug. 🙂

If you go to #room-help I can assist you.

@nimble locust bad link ?

I just tried the room https://tryhackme.com/room/kuberneteschalltdi2020 after several months closed by Kubernetes's service not work. It is working normally, I got all flags. Admin should consider reopening this room!

Cool

@gleaming shadow still here?

Done!

Room: Splunk101 Task: 5, Q1
Is this a bug? The only reason I found the answer is an older message by @pine linden

Disregard

Never mind - if you launch the exact same query again, it'll give you the proper number of events. Not sure why but indexing is weird.

Room: webenumwordpres
Task 9, question 2: The version needs to be updated

Thank you for bringing this to our attention!

We only update machines when there is a security vulnerability that will decrease the difficulty of the box, such as the sudo vuln.

Gave +1 Rep to @thick junco

I meant to say that we need to update the answer to the question
The question is "WPScan says that this theme is out of date, what does it suggest is the number of the latest version?"
the accepted answer does not match with the results of wpscan anymore

I discovered the issue.

• http://fakebank.com/bank-transfer works
• http://fakebank.com/bank-transfer/ renders an alternative and broken view
  Simply the addition of a / to the URL rendered a completely different page with identical inputs and outputs, and was totally broken.
  @delicate olive found this bug... for the room: https://tryhackme.com/room/introtooffensivesecurity

Indeed, no wharrrr be my bounty ^_^ jk jk. Thanks @rugged canyon for forwarding this to the appropriate channel.

Gave +1 Rep to @rugged canyon

@queen sphinx ⬆️

well then guess juun is busy.... @gleaming shadow you there???

Done!

thank you hydra

sorry am in meeting

no problem juun... should have checked if others were available with online mode first

hello guys,

Room " startup " doesn't wanna start, normal ?

Can you provide more details please

when i click on " start machine ", nothing append, even if i refresh the page

Does this occur on all rooms or just this one?

i detect only this room so far

task 4 machine in nmap basic wouldnt launch for me

Splunk incident response room not loading after three reboots giving about 5 to 10 minutes between each try.

Room: https://tryhackme.com/room/cryptographyintro
Task 5: Hashing
There is a typo in this diagram, it should be "opad" instead of "ipad".

hey guys, Ejpt path --> /room/fileinc , task 5 , says try to answer lab 5 , but the last 2 questions states that both for lab 6 is it mistaken or lab 5 question got deleted ? thanks

it's clear that it's just a practice no question for that lab , nvm

the last question is for the playground , people may mistaken that it's in LAB#6 and waste time on lab#6 🙂

yes

carfull account ngrok banned :/

Can I report, not quite a bug, but more of an example command that's not quite right here?

https://tryhackme.com/room/hydra#

Example command, in Task 2, Post Web Form section:

hydra -l <username> -P <wordlist> 10.10.25.173 http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V

missing "login" from "/:username...."

Fixed command for my run:

hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.25.173 http-post-form "/login:username=^USER^&password=^PASS^:F=Your username or password is incorrect." -V

File Inclusion: Task 4, Question 1 - Answer accepts only absolute paths and not "walked" paths. I'd imagine this should accept either.
/lab1.php?file=/etc/passwd and /lab1.php?file=../../../../etc/passwd should reasonably be equivalent answers.

Not really a bug, we don’t accept ‘equivalent’ answers, there’s only one accepted answer.

#feedback-and-ideas

I'll submit feedback there. But, I do hope it will be reevaluated; IMO it's hard to argue that a valid path to the flag in the VM should either be considered an invalid answer unless there is a bug either in the form evaluating the answer or in the web app in the VM from which the flag is recovered. And, it's incredibly confusing as a user.

Some things to be ware of, first the answer box details the format of your answer. If your answer is any longer than that one, it is incorrect. As you can see in the answer, there is no directory walking.

Furthermore, in the room task it says Theoretically, we can access and display any readable file on the server from the code above if there isn't any input validation. and provides the example of http://webapp.thm/get.php?file=/etc/passwd.

It is very important to read the room carefully, your first step should be to see if there is any input validation, and to do that, you use the example provided (which will give you the answer).

Unfortunately, we are unable to accept every different form of directory traversal because let's say that ../dir/ works and ../../dir works and ../../../dir/ works etc., it would have a massive amount of possibilities. This is similar to XSS rooms that could have hundreds of payloads that work, but the room is looking for a specific payload.

This payload should be hinted towards in the explanation to point the user in the correct direction.

Thanks for the feedback. Highlighting that the answer box will reliable indicate the correct shape of the payload string to be evaluated is a key takeaway that I'm sure will limit my odds of running into this sort of issue in the future.

Hello, I'm doing Room "Reversing ELF" on an Arch Linux machine, and when I run index.crackme7 or index.crackme8 executable, I get the error :

./index.crackme7

exec: Failed to execute process './index.crackme7': The file exists and is executable. Check the interpreter or linker?

Are these two files not suitable for running on Arch Linux machine? Can you verify please?

PS: solved. It was needed to install lib32-glibc package.

Hey, I have an issue with Room "Razorblack" (https://tryhackme.com/room/raz0rblack). When I'm trying to change the SMB password of a user, which is required for progress, I get an error which says "The transport connection is now disconnected.". Has anyone had the same problem?

Sakura Room Task 5 2nd question Flag Format wrong. It is reported to be: http://[deeppasteURL].onion/show.php?md5 but any working deep paste URL don't work, either the one from the hint screenshot. Please fix it.

So I should use the hash in the screenshot hint and not the one I effectively found

On room WebOSINT, the last question of Task 2 has old (currently wrong) answer

The Registrant Country is not accepted as answer. I needed to take a writeup for discovering the valid answer that is a country not listed in WHOIS

anyone else having problems with the room "walking an application" website? i load up attackbox and type it in and all it does is give me a 504 timeout error.

Typo in Windows Event Logs room

If you don't know exactly what a SEIM is used for, ```

SEIM should be SIEM

room Nmap Basic Port Scans. Task 6 UDP Scan is no longer showing the service on port 53 Domain. Had to google the answer to get through

Hi! you have a typo in metasploit room (expolitation) PORTS: Port range to be scanned. Please note that 1-1000 here will not be the same as using Nmap with the default configuration. Nmap will scan the 1000 most used ports, while Metasploit will scan port numbers from 1 to 10000. (one zero too much at the end)

Where is the Typo?

At the end, it says one to ten-thousand

That's correct, no?

exploitation -> scanning

Looking at the example provided in the room, it also says 10,000

Can you clarify?

Now i see

you are right, there is no mistake

thank you for pointing it!

Hello, I am in the Network Services room, working on Task 6, the Telnet Enumeration. I am tasked to use nmap to find any open ports, but nmap keeps telling me all 1000 ports are closed. Not sure what I can do to solve the tasks, because I cannot find an open port. Any help would be much appreciated.

What about ports after 1000?

Hello I am in the Crack the hash room, Task 1 last hash (The MD4)
When i tried to crack it with hashcat + rockyou.txt i was getting Exhausted Status again and again.
When i did a research about it i saw that the hash leads to "Eternity22" but in the rockyou.txt there is only "eternity22"
When i added the "Eternity22" to the rockyou file it worked i saw that as a bug maybe someone should check it 🤷🏻‍♂️

Vm or attackbox?

Both

Actully no only vm

I tried to even download the rockyou again but still worked only when added the word

There is a chance Eternity22 is on the attackbox Rockyou.

No

Just checked

there is only eternity22

eternity22 -> 1dc9056eb023a3f97b4ea757ad5b6951 -> in the rockyou.txt

Eternity22 -> 279412f945939ba78ce0758d3fd83daa -> The answer in tryhackme but not in the rockyou.txt worked only when added manually the word to the file

Not a bug, you just need more sophisticated techniques such as rockyou with rules or online rainbow tables

which is not covered how to do in crack the hash 1.... it is first in password attacks or crack the hash 2 that rules gets mentioned

Isn't it a challenge room?

if shadow recalls correctly

The really old one?

never mind the hint for the question right before talks about using masks and rules

Done!

Hey all, I'm connected to the VPN, and I have started the machine in the Vulnversity room, and so I should be able to connect to the machine by putting the IP address in the browser's address bar, yes? It keeps telling me there's a problem loading the page.

so I should be able to connect to the machine by putting the IP address in the browser's address bar, yes?
No

Not every machine runs a webserver. Those that do may not run a webserver on the default ports

Ok, well it looks like it's running a web server when I scan it in nmap, but that's fine. I think I can complete the room without the target interface.

Room Linux Forensicshttps://tryhackme.com/room/linuxforensics

The above code snippet will look for any DLLs that have been loaded within the \Temp\ directory. If a DLL is loaded within this directory it can be considered an anomaly and should be further investigateded.

Typo in Sysmon room, task 2, investigateded, should be investigated

Small typo error in Wireshark101 Room where task 13 (pcap analysis regarding zerologon) says to open the task11.pcap but it's actually the task13.pcap that is meant to be opened

Hey everyone,
Does anyone know if there's a problem with Wreath Task 21 - "What is the Administrator password hash?" ?
I keep using the Hash NTLM value found in the same task, but it keeps telling me "Uh oh! your answer is incorrect."
I later used the same hash for the winrm step and successfully connected.

Sounds like someone reset the password in your instance. Go for a reset.

Hey, I've forwarded this on internally 🙂 thanks for reporting!

Gave +1 Rep to @tepid wing

not sure how to report / feed back in here ... there seems to be a skill pre req missing from the web fond class.. as well as a broken link during that path that requires the user to research and gain some hints about using burp ... the link is broken tho..

not sure how to report / feed back in here - Report as clearly as you can, enough information so that a THM staff member could look at your message and fix it

Web Fundamentals path mod = File Inclusion task 8 challenge in start of task description link is "https://tryhackme.com/room/webfundamentals" which goes to > Room is private "If this is an error on our behalf. Please contact us." i went to google a guide and found burp was needed.. which made me realize that had not been brought up at all during the path thus far so I am assuming it was hinted / discussed in the private link area.. but that might also indicate the need to list something like CompTIA+ path as a pre req for this considering the tool usage and things one would typically require ...
hope that makes sense ...

cc @glad badger The link here isn't updated

currently learning AD, and started with https://tryhackme.com/room/winadbasics but under the group policy sub section I noticed something which had me startled for a while, not a bug per se more of a typo but can be confusing to understand without looking at the diagram

The first thing you will see when opening it is your complete OU hierarchy, as defined before. To configure Group Policies, you first create a GPO under Group Policy Objects and then link it to the GPO where you want the policies to apply. As an example, you can see there are some already existing GPOs in your machine:

I believe the intent was for it to be: you create Group policies under Group Policy objects and then link it to the OU where you want the policies to apply, please correct me if I am wrong.

Task 3, Internet Explorer Shows Nothing In History, Only Today (Has To Show Searched CVE)
https://tryhackme.com/room/blaster

In Sysinternals room (https://tryhackme.com/room/btsysinternalssg) at task 9 - Strings running strings at Zoomlt.exe produce different path than expected as correct answer. Moreover there are actually two of them, so clarification would be handy.

https://tryhackme.com/room/splunk2gcd5
could support check splunk2 machine not work !

In Windows Privilege Escalation (https://tryhackme.com/room/windowsprivesc20) at task 6 - SeBackup / SeRestore there is wrong second part of the hash in the picture just above SeTakeOwnership.

Hint: check the port

And protocol

Typo in Breaching Active Directory Task 4: Note that if you use the AttackBox, the you should first disable slapd.
Should be then you should instead of the you should

Also noting, most systems have resolvectl now instead of systemd resolve. In Task 1, the configuration commands should be updated with the resolvectl commands
Which in this case is:
resolvectl dns breachad $THMDCIP
resolvectl domain breachad za.tryhackme.com

Can confirm that the rest of the box works when using these commands in lieu of systemd-resolve.

room: Johntheripper0
Task 1: [...] abstractly it means that the algorithm to hash the value will be "NP" and can therefore be calculated reasonably. However an un-hashing algorithm would be "P" and intractable to solve- meaning that it cannot be computed in a reasonable time using standard computers.
P is easy to compute and NP is tough to compute, so hashing should be P while un-hashing should be NP

THIS IS MY COMMAND: mimikatz # kerberos::ptt TGS_t1_melanie.wilson@ZA.TRYHACKME.LOC_http~THMSERVER1.za.tryhackme.loc@ZA.TRYHACKME.LOC.kirbi

THIS IS THE RESPONSE: * File: 'TGS_t1_melanie.wilson@ZA.TRYHACKME.LOC_http~THMSERVER1.za.tryhackme.loc@ZA.TRYHACKME.LOC.kirbi': ERROR kuhl_mkerberos
ptt_file ; kull_m_file_readData (0x00000002)

This is on Task 3 of exploiting active directory

SOLVED:

use "token::revert" command in mimikatz after the lsadump

exiting (as seen in the room instructions) is not enough

I'm going through Sysinternals (btsysinternalssg) and Task 9 question, I had to use a writeup to find the correct answer. Doing exactly what the writeup did resulted in me getting a different path for the .pdb file compared to the writeup and correct answer.

@raw bison

Done!

In Windows Event Logs (https://tryhackme.com/room/windowseventlogs) Task 2, the last question is a little bit ambiguous since it says PowerShell, and the previous ones were also about PowerShell, but there is no Event with ID 800. So instead of googling writeup I would appreciate a help saying e.g. Isn't there one more PowerShell in the left pane?

Hello

The room Brainstorm (https://tryhackme.com/room/brainstorm).

You have a wrong answer to the second question. He only accepted 6, and the number of correct ports is 3.

and that marks the 4th time shadow sees someone mention this.... so yeah bugged

Is the Brainstorm room buggy too?

I downloaded the binaries from FTP and I can't run. Not even through CMD.

IIRC the binaries are written for Windows 7 compatability

and 64 bit

So I will only be able to run it if I set up a virtual environment with Windows 7?

Even in compatibility mode it is not running. 😦

This Offensive Pentesting path was super interesting until it got to the Buffer OverFlow part. This whole part should be more basic and orientative... But I'm having a lot of difficulty learning about the subject and other than that some machines are wrong.

Been waiting over a half an hour in Task 6 of Exploiting Active Directory for the GPO to apply.

Is there a way to force this?

Still can't RDP with my IT Admin credentials

You need to download them in binary mode from FTP

I have done. These screens are from my machine.

I do not see you downloading them from FTP

Hence I cannot see you downloading them in binary mode explicitly, which you need to do.

It's been over an hour now waiting for GPO to apply.

Anyone else having issues with AD exploiting room?

JUST GOT IN! total time about an hour and 15ish

GPOs update automatically approximately every 90 minutes, so that checks out

Room instructions say max 15 min.

Lol